
I was under that impression too, but Neg said he could move threads that didn't belong out of the forum but he couldn't move threads that did belong here into the forum. Or at any rate, not from a forum that he doesn't moderate like the firewall forum.

IPTABLES save error!!

Hey guys, I am having a little problem trying to get my iptables to save. I copied str34m3r's rules into a file (rc.firewall) and then ran it with root permissions "/etc/rc.firewall", and then when I tried to save the file "service iptables save" I get an error "/etc/init.d/iptables: line 173: syntax error: unexpected end of file". Any ideas on what's wrong???

I am using: kernel 2.4.18 - Iptables 1.2.6a <----- I looked for possible saving problems for this iptables version but can't find anything.

Hi Kurupt007,
This is what I did (thanks to RiOter and evil_enchilada). I entered
the rules I wanted to use from Str34m3r's tutorial via the command line.
Then I did iptables-save > /etc/iptables.conf from the command line.
Then I went to the rc.local file and added this line to the file:
iptables-restore < /etc/iptables.conf

Your way is probably better, but this is working for me. Every time I
reboot the iptables reload. Seems to be working.

For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)

OK,
Str34m3r, here's something I'd like you to talk about. How do you do logging for
an iptables firewall? Let's say I wanted to log all dropped TCP, ICMP, and selected
UDP packets. And let's also say, I wanted to log all dropped OUTPUT packets. How would I do that? Thanks.


# Create another chain to do the work for you
iptables -N LOGDROP
# Then you'll need to put rules in that chain that will log and then drop the packets as you mentioned
iptables -A LOGDROP -j LOG --log-level 7
iptables -A LOGDROP -j DROP

Then whenever you want to log and drop a packet, you would send the packets to the logdrop chain like this:

And because you used log-level 7 (which is the debug level), you can easily distinguish the iptables messages. If you put this line in /etc/syslog.conf :

Code:

kern.=debug /var/log/iptables

then syslog will filter out all the iptables traffic and put it in its own separate file. You'll also have to add 'kern.!=debug' to the line that already handles the kernel logs or else you'll see them in two files.
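An added example, not part of the original post: one way to send the traffic from the question (dropped TCP, ICMP, selected UDP, and all dropped OUTPUT) through the LOGDROP chain above, then summarise the resulting log lines. The log prefix, rate limit, UDP ports, function names and sample log lines are assumptions made for the illustration.

```shell
# Added example, not from the thread. Dry run by default: ipt() only prints
# each command. Run as root with APPLY=1 to load the rules for real.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

# Assumption: the UDP ports worth logging; all other UDP is dropped silently.
LOGGED_UDP_PORTS="${LOGGED_UDP_PORTS:-53 123}"

# Assumption: called after the ACCEPT rules, so only unaccepted packets get here.
logdrop_rules() {
    ipt -N LOGDROP
    # The limit match stops a flood filling the disk; the prefix tags each line.
    ipt -A LOGDROP -m limit --limit 10/minute --limit-burst 20 \
        -j LOG --log-level 7 --log-prefix "IPT-DROP: "
    ipt -A LOGDROP -j DROP
    ipt -A INPUT -p tcp -j LOGDROP
    ipt -A INPUT -p icmp -j LOGDROP
    for port in $LOGGED_UDP_PORTS; do
        ipt -A INPUT -p udp --dport "$port" -j LOGDROP
    done
    ipt -A INPUT -p udp -j DROP
    ipt -A OUTPUT -j LOGDROP
}

# Count logged drops per protocol and source from kernel LOG lines (stdin or files).
summarize_drops() {
    awk '/IPT-DROP: / {
        src = "?"; proto = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        n[proto " " src]++
    }
    END { for (k in n) print n[k], k }' "$@" | sort -k1,1nr -k2
}

# Constructed sample lines in the kernel LOG format, addresses from 192.0.2.0/24.
sample_log() {
cat <<'EOF'
Jan  5 10:01:02 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=23 SYN
Jan  5 10:01:03 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=111 SYN
Jan  5 10:01:09 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.1 LEN=84 TTL=64 ID=3 PROTO=ICMP TYPE=8 CODE=0
EOF
}

logdrop_rules
sample_log | summarize_drops
```

Packets over the rate limit skip the LOG rule and are still dropped by the next rule in LOGDROP, so the limit only thins the log, not the filtering.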

I guess we'll have to agree to disagree on this one. I do agree that the internet is a vast public network - full of malicious hackers, worms, and random skiddies on my subnet who just downloaded a new hacker tool. I do my best to make them think I don't exist.

If the skiddies are on your subnet then how can you hide your ARP traffic to pretend you don't exist? As far as I am concerned, it is very easy to detect everyone who is active on a subnet. Anyways, please enlighten me, I'm new to all of this and am curious to learn more.

I guess this was bumped for a valid reason. I'm pretty sure if you're going to hide your ARP traffic (hide as in make it nonexistent) then you might as well unplug yourself from the network, because you will be nonexistent to all other machines on the network. I could be wrong though. There's probably a way to deny ARP traffic to hosts you don't explicitly allow. So I guess then you could hide yourself to unauthorized people who plug into your network. And if you're using a switch they can't sniff traffic not designated for them, given that they haven't flooded the arp table on the switch. But what's the point? :P